You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by Michael Dürig <md...@adobe.com> on 2016/11/28 10:36:59 UTC
JSON License not allowed any more
Hi,
The JSON License has recently been moved to the list of licenses not
allowed to be included in Apache products (Category X) [1, 2].
For the Jackrabbit PMC this means that we have to remove all
dependencies to org.json:json within the grace period, which ends April
30th 2017. This affects all our products and branches we still do
release from, namely Jackrabbit 2, Jackrabbit Oak, FileVault. A quick
check on trunk revealed dependencies from Jackrabbit Oak oak-remote and
Jackrabbit 2 jcr-commons. FileVault doesn't seem to be affected. Didn't
check the branches.
I suggest to open respective blocker issues for all our products and
versions to ensure no JSON dependency slips into a release after April
30th 2017. WDYT?
Michael
[1] https://www.apache.org/legal/resolved#category-x
[2]
http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201611.mbox/%3C0CE2E8C9-D9B7-404D-93EF-A1F8B07189BF%40apache.org%3E
Re: JSON License not allowed any more
Posted by Michael Dürig <md...@apache.org>.
> I suggest to open respective blocker issues for all our products and
> versions to ensure no JSON dependency slips into a release after April
> 30th 2017. WDYT?
See https://issues.apache.org/jira/browse/JCR-4068 and
https://issues.apache.org/jira/browse/OAK-5171 for the respective issues.
Michael
>
> Michael
>
>
> [1] https://www.apache.org/legal/resolved#category-x
> [2]
> http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201611.mbox/%3C0CE2E8C9-D9B7-404D-93EF-A1F8B07189BF%40apache.org%3E
>
Re: JSON License not allowed any more
Posted by Michael Dürig <md...@apache.org>.
> I suggest to open respective blocker issues for all our products and
> versions to ensure no JSON dependency slips into a release after April
> 30th 2017. WDYT?
See https://issues.apache.org/jira/browse/JCR-4068 and
https://issues.apache.org/jira/browse/OAK-5171 for the respective issues.
Michael
>
> Michael
>
>
> [1] https://www.apache.org/legal/resolved#category-x
> [2]
> http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201611.mbox/%3C0CE2E8C9-D9B7-404D-93EF-A1F8B07189BF%40apache.org%3E
>
Re: JSON License not allowed any more
Posted by Julian Reschke <ju...@gmx.de>.
On 2016-11-28 14:00, Marcel Reutegger wrote:
> On 28/11/16 13:41, Julian Reschke wrote:
>> It's only used in a unit test that checks another JSON impl (our own?).
>> Do we have a list of acceptable alternatives to the JSON.org version? I
>> assume Jackson would be ok?
>
> I don't have a list, but in oak-core and oak-jcr we are using
> json-simple as a test dependency.
>
> Regards
> Marcel
Yes, that seems to be the simplest possible thing to do here.
Best regards, Julian
Re: JSON License not allowed any more
Posted by Marcel Reutegger <mr...@adobe.com>.
On 28/11/16 13:41, Julian Reschke wrote:
> It's only used in a unit test that checks another JSON impl (our own?).
> Do we have a list of acceptable alternatives to the JSON.org version? I
> assume Jackson would be ok?
I don't have a list, but in oak-core and oak-jcr we are using
json-simple as a test dependency.
Regards
Marcel
Re: JSON License not allowed any more
Posted by Julian Reschke <ju...@gmx.de>.
On 2016-11-28 13:36, Michael D�rig wrote:
>
>
> On 28.11.16 1:03 , Julian Reschke wrote:
>> FWIW, Jackrabbit's dependency is test-scoped...
Where I meant the one in jcr-commons...
> Which should simplify things a lot. I'd say let's try going for removal
> of the dependency right away. A remaining question would be if we have
> other dependencies from the various branches. I didn't check those yet.
It's only used in a unit test that checks another JSON impl (our own?).
Do we have a list of acceptable alternatives to the JSON.org version? I
assume Jackson would be ok?
Best regards, Julian
Re: JSON License not allowed any more
Posted by Michael Dürig <md...@apache.org>.
On 28.11.16 1:03 , Julian Reschke wrote:
> FWIW, Jackrabbit's dependency is test-scoped...
Which should simplify things a lot. I'd say let's try going for removal
of the dependency right away. A remaining question would be if we have
other dependencies from the various branches. I didn't check those yet.
Michael
Re: JSON License not allowed any more
Posted by Julian Reschke <ju...@gmx.de>.
On 2016-11-28 12:00, Michael D�rig wrote:
>
>
> On 28.11.16 11:56 , Julian Reschke wrote:
>> In the meantime, it seems, that we need to warn our users, as per:
>>
>> "Also please note that in the 2nd situation (where a temporary
>> exclusion has been granted), you MUST ensure that NOTICE explicitly
>> notifies the end-user that a JSON licensed artifact exists. They
>> may not be aware of it up to now, and that MUST be addressed." --
>> <http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201611.mbox/%3C0CE2E8C9-D9B7-404D-93EF-A1F8B07189BF%40apache.org%3E>
>>
>>
>>
>> ...and that applies to releases we do before April, as well, right?
>
> Right. Another blocker but this one applies immediately to all upcoming
> releases.
Would be good to have an example for the actual text to be used.
FWIW, Jackrabbit's dependency is test-scoped...
Best regards, Julian
Re: JSON License not allowed any more
Posted by Michael Dürig <md...@apache.org>.
On 28.11.16 11:56 , Julian Reschke wrote:
> In the meantime, it seems, that we need to warn our users, as per:
>
> "Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed." --
> <http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201611.mbox/%3C0CE2E8C9-D9B7-404D-93EF-A1F8B07189BF%40apache.org%3E>
>
>
> ...and that applies to releases we do before April, as well, right?
Right. Another blocker but this one applies immediately to all upcoming
releases.
Michael
Re: JSON License not allowed any more
Posted by Davide Giannella <da...@apache.org>.
On 28/11/2016 10:56, Julian Reschke wrote:
> Awesome. Well, if we have to do it, we have to do it.
>
> In the meantime, it seems, that we need to warn our users, as per:
>
> "Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed." --
> <http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201611.mbox/%3C0CE2E8C9-D9B7-404D-93EF-A1F8B07189BF%40apache.org%3E>
>
>
> ...and that applies to releases we do before April, as well, right?
We may add a note in the release notes of all the branches, both JR and
Oak regardless. Just to be on the safe side. Then we can remove it later
on once we are sure no dependencies are no longer there.
Davide
Re: JSON License not allowed any more
Posted by Davide Giannella <da...@apache.org>.
On 28/11/2016 10:56, Julian Reschke wrote:
> Awesome. Well, if we have to do it, we have to do it.
>
> In the meantime, it seems, that we need to warn our users, as per:
>
> "Also please note that in the 2nd situation (where a temporary
> exclusion has been granted), you MUST ensure that NOTICE explicitly
> notifies the end-user that a JSON licensed artifact exists. They
> may not be aware of it up to now, and that MUST be addressed." --
> <http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201611.mbox/%3C0CE2E8C9-D9B7-404D-93EF-A1F8B07189BF%40apache.org%3E>
>
>
> ...and that applies to releases we do before April, as well, right?
We may add a note in the release notes of all the branches, both JR and
Oak regardless. Just to be on the safe side. Then we can remove it later
on once we are sure no dependencies are no longer there.
Davide
Re: JSON License not allowed any more
Posted by Julian Reschke <ju...@gmx.de>.
On 2016-11-28 11:36, Michael D�rig wrote:
>
> Hi,
>
> The JSON License has recently been moved to the list of licenses not
> allowed to be included in Apache products (Category X) [1, 2].
>
> For the Jackrabbit PMC this means that we have to remove all
> dependencies to org.json:json within the grace period, which ends April
> 30th 2017. This affects all our products and branches we still do
> release from, namely Jackrabbit 2, Jackrabbit Oak, FileVault. A quick
> check on trunk revealed dependencies from Jackrabbit Oak oak-remote and
> Jackrabbit 2 jcr-commons. FileVault doesn't seem to be affected. Didn't
> check the branches.
>
> I suggest to open respective blocker issues for all our products and
> versions to ensure no JSON dependency slips into a release after April
> 30th 2017. WDYT?
>
> Michael
Awesome. Well, if we have to do it, we have to do it.
In the meantime, it seems, that we need to warn our users, as per:
"Also please note that in the 2nd situation (where a temporary
exclusion has been granted), you MUST ensure that NOTICE explicitly
notifies the end-user that a JSON licensed artifact exists. They
may not be aware of it up to now, and that MUST be addressed." --
<http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201611.mbox/%3C0CE2E8C9-D9B7-404D-93EF-A1F8B07189BF%40apache.org%3E>
...and that applies to releases we do before April, as well, right?
Best regards, Julian
Re: JSON License not allowed any more
Posted by Julian Reschke <ju...@gmx.de>.
On 2016-11-28 11:36, Michael D�rig wrote:
>
> Hi,
>
> The JSON License has recently been moved to the list of licenses not
> allowed to be included in Apache products (Category X) [1, 2].
>
> For the Jackrabbit PMC this means that we have to remove all
> dependencies to org.json:json within the grace period, which ends April
> 30th 2017. This affects all our products and branches we still do
> release from, namely Jackrabbit 2, Jackrabbit Oak, FileVault. A quick
> check on trunk revealed dependencies from Jackrabbit Oak oak-remote and
> Jackrabbit 2 jcr-commons. FileVault doesn't seem to be affected. Didn't
> check the branches.
>
> I suggest to open respective blocker issues for all our products and
> versions to ensure no JSON dependency slips into a release after April
> 30th 2017. WDYT?
>
> Michael
Awesome. Well, if we have to do it, we have to do it.
In the meantime, it seems, that we need to warn our users, as per:
"Also please note that in the 2nd situation (where a temporary
exclusion has been granted), you MUST ensure that NOTICE explicitly
notifies the end-user that a JSON licensed artifact exists. They
may not be aware of it up to now, and that MUST be addressed." --
<http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201611.mbox/%3C0CE2E8C9-D9B7-404D-93EF-A1F8B07189BF%40apache.org%3E>
...and that applies to releases we do before April, as well, right?
Best regards, Julian